OpenPGP digital signature query

John Clizbe John at
Mon Apr 20 22:50:01 CEST 2009

Darshan Jain wrote:
> Can OpenPGP digital signature be used to comply with FDA's 21 CFR Part 11,
> or does it mandatorily require X.509 or PKI based signatures

You check the DHHS HIPAA page, ? Might be
a bit more authoritative than Wikipedia.

Best answer, maybe. Depends on the circumstances
(HIPPA/HIPAA[0] provide different sets of protections.
Encryption/Digital signatures may or may not be applicable.)

OpenPGP can be used for HIPAA compliance - I've implemented it for
several medical practices.

Your interests would be best served by a) hiring the services of a
security consultant knowledgeable in the dealings of HIPAA specifically
as it relates to the FDA; b) consulting an attorney knowledgeable in
technology, c) both of the above.

[0] way back in the dark ages of the mid-90s, before HIPAA: the Health
Insurance Portability & Accountability Act, there was HIPPA: Health
Information Privacy Protection Act. Google "health information privacy
protection act" in quotes to get references to HIPPA, without quotes
you'll get HIPAA. EPIC has a good Bibliography[1] on the Confidentiality
of Health Information.

John P. Clizbe                      Inet:John (a)
You can't spell fiasco without SCO. hkp://  or
     mailto:pgp-public-keys at

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


More information about the Gnupg-users mailing list